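<?php
/**
 * Rental handler: charges a user's balance for a film and records the rental.
 *
 * Reads `user`, `id` and `price` from the query string, compares the user's
 * stored balance (utente.Saldo) with the price, inserts a row into
 * `iumus`.`filmnoleggio`, debits the balance, and sends the browser back to
 * infoFilm.php through an inline script.
 *
 * NOTE(review): the items below cannot be fixed from this file alone and
 * remain open after this revision:
 *  - `user` is taken from the request, so the caller chooses whose balance is
 *    debited. The identity should come from the server-side login state.
 *  - `price` is taken from the request. It is validated below, but the caller
 *    still chooses it; it should be looked up from the film record.
 *  - The purchase is triggered by a GET request with no anti-forgery token.
 *  - The balance is read, checked and written back in separate statements,
 *    so two concurrent requests can both pass the check.
 *  - ext/mysql (mysql_*) was removed in PHP 7. Prepared statements via
 *    PDO or mysqli are the durable fix, but that requires changing DBManager.
 */

include 'wp-includes/php/DBManager.class.php';

// Read only the expected parameters. extract($_GET) let the request define
// arbitrary variables in this scope; array values are rejected here as well.
$user = ( isset ( $_GET['user'] ) && is_scalar ( $_GET['user'] ) ) ? (string) $_GET['user'] : '';
$id = ( isset ( $_GET['id'] ) && is_scalar ( $_GET['id'] ) ) ? (string) $_GET['id'] : '';
$priceRaw = isset ( $_GET['price'] ) ? $_GET['price'] : null;

// A missing or non-numeric price previously made the balance check pass, and
// a negative price would have increased the balance in the UPDATE below.
if ( !is_numeric ( $priceRaw ) || (float) $priceRaw < 0 ) {
	header ( 'HTTP/1.1 400 Bad Request' );
	exit ();
}
$price = (float) $priceRaw;

// NOTE(review): connects as root with an empty password. Use a least-privilege
// account whose credentials are loaded from configuration outside the web root.
$db = new DBManager ( 'localhost', 'root', '', 'iumus' );

// Escape the values that are placed inside quoted SQL literals.
// Assumes DBManager's constructor has already opened the default mysql link
// that mysql_real_escape_string() relies on - TODO confirm. The connection
// charset should also be set with mysql_set_charset() for this to be reliable.
$userSql = mysql_real_escape_string ( $user );
$idSql = mysql_real_escape_string ( $id );

// The id is echoed into a JavaScript string inside a <script> element.
// rawurlencode() leaves only URL-safe characters, so the value cannot close
// the string or the element.
$goBack = 'location.href = "infoFilm.php?id=' . rawurlencode ( $id ) . '";';

$result = $db->executeQuery ( "SELECT Saldo FROM utente WHERE Username = '" . $userSql . "'" );
$row = $result ? mysql_fetch_array ( $result ) : false;

// No matching user leaves the balance null, which compares below any
// positive price, so unknown users receive the same message as before.
$saldo = $row ? $row[0] : null;

if ( $saldo < $price ) {
	echo '<script type="text/javascript">alert ("To buy this film you need to charge credit or to be logged!"); ' . $goBack . '</script>';
	exit ();
}

if ( $user !== '' && $user !== 'noSet' ) {
	$db->executeQuery ( "INSERT INTO  `iumus`.`filmnoleggio` ( `idUser`, `idFilm`, `DataNoleggio` ) VALUES ( '" . $userSql . "',  '" . $idSql . "', NOW() )" );

	// mysql_affected_rows() returns -1 when the last query failed.
	// Presumably a unique key on (idUser, idFilm) makes a repeated rental
	// fail here - confirm against the table definition.
	if ( mysql_affected_rows () < 0 ) {
		echo '<script type="text/javascript">alert ("You alredy added this film to your films!"); ' . $goBack . '</script>';
	} else {
		// Numeric subtraction: the value concatenated into the UPDATE is a number.
		$saldo -= $price;
		$db->executeQuery ( "UPDATE utente SET Saldo = " . $saldo . " WHERE Username = '" . $userSql . "'" );
		echo '<script type="text/javascript">' . $goBack . '</script>';
	}
} else {
	// Only an empty or "noSet" user reaches this branch; the original's second
	// else-branch could never run and has been removed.
	echo '<script type="text/javascript">alert ("You must sign up for add this film to your filmst!"); ' . $goBack . '</script>';
}

?>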